def make_superuser(cls, core_group, quota=None):
from core.models import Quota
if not quota:
quota = Quota.max_quota()
account_providers = AccountProvider.objects.distinct('provider')
for acct in account_providers:
acct.share_with(core_group)
def make_superuser(cls, core_group, quota=None):
from core.models import Quota
if not quota:
quota = Quota.max_quota()
account_providers = AccountProvider.objects.distinct('provider')
for acct in account_providers:
acct.share_with(core_group)
def share(self, core_group, quota=None):
"""
"""
from core.models import IdentityMembership, ProviderMembership, Quota, Allocation
existing_membership = IdentityMembership.objects.filter(
member=core_group, identity=self)
if existing_membership:
return existing_membership[0]
#User does not already have membership - Check for provider membership
prov_membership = ProviderMembership.objects.filter(
member=core_group, provider=self.provider)
if not prov_membership:
raise Exception("Cannot share identity membership before the"
" provider is shared")
#Ready to create new membership for this group
if not quota:
quota = Quota.default_quota()
allocation = Allocation.default_allocation()
new_membership = IdentityMembership.objects.get_or_create(
member=core_group,
identity=self,
quota=quota,
allocation=allocation)[0]
return new_membership
def create_admin(provider, admin_info):
REQUIRED_FIELDS = ["username", "password", "tenant"]
if not has_fields(admin_info, REQUIRED_FIELDS):
print "Please add missing admin information."
sys.exit(1)
username = admin_info["username"]
password = admin_info["password"]
tenant = admin_info["tenant"]
(user, group) = Group.create_usergroup(username)
try:
new_identity = Identity.objects.get(
provider=provider, created_by=user
) # FIXME: This will need to be more explicit, look for AccountProvider?
except Identity.DoesNotExist:
new_identity = Identity.objects.create(
provider=provider, created_by=user, quota=Quota.default_quota()
)
new_identity.credential_set.get_or_create(key='key', value=username)
new_identity.credential_set.get_or_create(key='secret', value=password)
new_identity.credential_set.get_or_create(
key='ex_tenant_name', value=tenant
)
new_identity.credential_set.get_or_create(
key='ex_project_name', value=tenant
)
quota = Quota.objects.filter(**Quota.default_dict()).first()
if not quota:
quota = Quota.default_quota()
# TODO: Test why we do this here and not AFTER creating AccountProvider/IdentityMembership -- Then label the rationale.
# Necessary for save hooks -- Default project, select an identity
user.save()
AccountProvider.objects.get_or_create(
provider=provider, identity=new_identity
)
IdentityMembership.objects.get_or_create(
identity=new_identity, member=group
)
return new_identity
def _validate_quota(self, data):
quota_uuid = data.get('quota', '')
if not quota_uuid:
return Quota.default_quota()
quota = Quota.objects.filter(uuid=quota_uuid).first()
if not quota:
raise serializers.ValidationError(
"Quota '%s' not found" % quota_uuid)
return quota
def _new_mock_identity_member(username, provider):
# Mock a user and an identity..
mock_user = AtmosphereUser.objects.get_or_create(username=username)[0]
mock_group = Group.objects.get_or_create(name=username)[0]
mock_quota = Quota.default_quota()
mock_identity = Identity.objects.get_or_create(
created_by=mock_user, quota=mock_quota, provider=provider
)[0]
mock_identity_member = IdentityMembership.objects.get_or_create(
identity=mock_identity, member=mock_group
)[0]
return mock_identity_member
def create_admin(provider, admin_info):
REQUIRED_FIELDS = ["username", "password", "tenant"]
if not has_fields(admin_info, REQUIRED_FIELDS):
print "Please add missing admin information."
sys.exit(1)
username = admin_info["username"]
password = admin_info["password"]
tenant = admin_info["tenant"]
(user, group) = Group.create_usergroup(username)
new_identity = Identity.objects.get_or_create(provider=provider,
created_by=user)[0]
new_identity.credential_set.get_or_create(key='key',
value=username)
new_identity.credential_set.get_or_create(key='secret',
value=password)
new_identity.credential_set.get_or_create(key='ex_tenant_name',
value=tenant)
new_identity.credential_set.get_or_create(key='ex_project_name',
value=tenant)
quota = Quota.objects.filter(**Quota.default_dict()).first()
if not quota:
quota = Quota.default_quota()
# TODO: Test why we do this here and not AFTER creating AccountProvider/IdentityMembership -- Then label the rationale.
# Necessary for save hooks -- Default project, select an identity
user.save()
AccountProvider.objects.get_or_create(
provider=provider, identity=new_identity)
IdentityMembership.objects.get_or_create(
identity=new_identity, member=group, quota=quota)
return new_identity
def share(self, core_group, quota=None):
"""
"""
from core.models import IdentityMembership, Quota, Allocation
existing_membership = IdentityMembership.objects.filter(
member=core_group, identity=self)
if existing_membership:
return existing_membership[0]
#Ready to create new membership for this group
if not quota:
quota = Quota.default_quota()
allocation = Allocation.default_allocation()
new_membership = IdentityMembership.objects.get_or_create(
member=core_group, identity=self, quota=quota, allocation=allocation)[0]
return new_membership
def share(self, core_group, quota=None):
"""
"""
from core.models import IdentityMembership, Quota, Allocation
existing_membership = IdentityMembership.objects.filter(
member=core_group, identity=self)
if existing_membership:
return existing_membership[0]
#Ready to create new membership for this group
if not quota:
quota = Quota.default_quota()
allocation = Allocation.default_allocation()
new_membership = IdentityMembership.objects.get_or_create(
member=core_group,
identity=self,
quota=quota,
allocation=allocation)[0]
return new_membership
def share(self, core_group, quota=None):
"""
"""
from core.models import IdentityMembership, ProviderMembership, Quota, Allocation
existing_membership = IdentityMembership.objects.filter(member=core_group, identity=self)
if existing_membership:
return existing_membership[0]
# User does not already have membership - Check for provider membership
prov_membership = ProviderMembership.objects.filter(member=core_group, provider=self.provider)
if not prov_membership:
raise Exception("Cannot share identity membership before the" " provider is shared")
# Ready to create new membership for this group
if not quota:
quota = Quota.default_quota()
allocation = Allocation.default_allocation()
new_membership = IdentityMembership.objects.get_or_create(
member=core_group, identity=self, quota=quota, allocation=allocation
)[0]
return new_membership
def create_identity(cls, username, provider_location,
quota=None,
max_quota=False, account_admin=False, **kwarg_creds):
"""
Create new User/Group & Identity for given provider_location
NOTES:
* kwargs prefixed with 'cred_' will be collected as credentials
* Can assign optional flags:
+ max_quota - Assign the highest quota available, rather than
default.
+ account_admin - Private Clouds only - This user should have ALL
permissions including:
* Image creation (Glance)
* Account creation (Keystone)
* Access to ALL instances launched over ALL users
Atmosphere will run fine without an account_admin, but the above
features will be disabled.
"""
# Do not move up. ImportError.
from core.models import Group, Credential, Quota,\
Provider, AccountProvider, Allocation,\
IdentityMembership
provider = Provider.objects.get(location__iexact=provider_location)
credentials = {}
for (c_key, c_value) in kwarg_creds.items():
if 'cred_' not in c_key.lower():
continue
c_key = c_key.replace('cred_', '')
credentials[c_key] = c_value
(user, group) = Group.create_usergroup(username)
# NOTE: This specific query will need to be modified if we want
# 2+ Identities on a single provider
id_membership = IdentityMembership.objects.filter(
member__name=user.username,
identity__provider=provider,
identity__created_by__username=user.username)
if not id_membership:
default_allocation = Allocation.default_allocation()
# 1. Create an Identity Membership
# DEV NOTE: I have a feeling that THIS line will mean
# creating a secondary identity for a user on a given
# provider will be difficult. We need to find a better
# workflow here..
try:
identity = Identity.objects.get(created_by=user,
provider=provider)
except Identity.DoesNotExist:
new_uuid = uuid4()
identity = Identity.objects.create(
created_by=user,
provider=provider,
uuid=str(new_uuid))
id_membership = IdentityMembership.objects.get_or_create(
identity=identity,
member=group,
allocation=default_allocation,
quota=Quota.default_quota())
# Either first in list OR object from two-tuple.. Its what we need.
id_membership = id_membership[0]
# ID_Membership exists.
# 2. Make sure that all kwargs exist as credentials
# NOTE: Because we assume only one identity per provider
# We can add new credentials to
# existing identities if missing..
# In the future it will be hard to determine when we want to
# update values on an identity Vs. create a second, new
# identity.
for (c_key, c_value) in credentials.items():
test_key_exists = Credential.objects.filter(
identity=id_membership.identity,
key=c_key)
if test_key_exists:
logger.info("Conflicting Key Error: Key:%s Value:%s "
"Replacement:%s" %
(c_key, c_value, test_key_exists[0].value))
# No Dupes... But should we really throw an Exception here?
continue
Credential.objects.get_or_create(
identity=id_membership.identity,
key=c_key,
value=c_value)[0]
# 3. Assign a different quota, if requested
if quota:
id_membership.quota = quota
id_membership.allocation = None
id_membership.save()
elif max_quota:
quota = Quota.max_quota()
id_membership.quota = quota
id_membership.allocation = None
id_membership.save()
if account_admin:
admin = AccountProvider.objects.get_or_create(
provider=id_membership.identity.provider,
identity=id_membership.identity)[0]
# 5. Save the user to activate profile on first-time use
user.save()
# Return the identity
return id_membership.identity
def create_identity(cls,
username,
provider_location,
quota=None,
max_quota=False,
account_admin=False,
**kwarg_creds):
"""
Create new User/Group & Identity for given provider_location
NOTES:
* kwargs prefixed with 'cred_' will be collected as credentials
* Can assign optional flags:
+ max_quota - Assign the highest quota available, rather than
default.
+ account_admin - Private Clouds only - This user should have ALL
permissions including:
* Image creation (Glance)
* Account creation (Keystone)
* Access to ALL instances launched over ALL users
Atmosphere will run fine without an account_admin, but the above
features will be disabled.
"""
#Do not move up. ImportError.
from core.models import Group, Credential, Quota,\
Provider, AccountProvider, Allocation,\
IdentityMembership
provider = Provider.objects.get(location__iexact=provider_location)
credentials = {}
for (c_key, c_value) in kwarg_creds.items():
if 'cred_' not in c_key.lower():
continue
c_key = c_key.replace('cred_', '')
credentials[c_key] = c_value
(user, group) = Group.create_usergroup(username)
#NOTE: This specific query will need to be modified if we want
# 2+ Identities on a single provider
id_membership = IdentityMembership.objects.filter(
member__name=user.username,
identity__provider=provider,
identity__created_by__username=user.username)
if not id_membership:
default_allocation = Allocation.default_allocation()
#1. Create an Identity Membership
#DEV NOTE: I have a feeling that THIS line will mean
# creating a secondary identity for a user on a given
# provider will be difficult. We need to find a better
# workflow here..
try:
identity = Identity.objects.get(created_by=user,
provider=provider)
except Identity.DoesNotExist:
new_uuid = uuid4()
identity = Identity.objects.create(created_by=user,
provider=provider,
uuid=str(new_uuid))
#Two-tuple, (Object, created)
id_membership = IdentityMembership.objects.get_or_create(
identity=identity,
member=group,
allocation=default_allocation,
quota=Quota.default_quota())
#Either first in list OR object from two-tuple.. Its what we need.
id_membership = id_membership[0]
#ID_Membership exists.
#2. Make sure that all kwargs exist as credentials
# NOTE: Because we assume only one identity per provider
# We can add new credentials to
# existing identities if missing..
# In the future it will be hard to determine when we want to
# update values on an identity Vs. create a second, new
# identity.
for (c_key, c_value) in credentials.items():
test_key_exists = Credential.objects.filter(
identity=id_membership.identity, key=c_key)
if test_key_exists:
logger.info("Conflicting Key Error: Key:%s Value:%s "
"Replacement:%s" %
(c_key, c_value, test_key_exists[0].value))
#No Dupes... But should we really throw an Exception here?
continue
Credential.objects.get_or_create(identity=id_membership.identity,
key=c_key,
value=c_value)[0]
#3. Assign a different quota, if requested
if quota:
id_membership.quota = quota
id_membership.allocation = None
id_membership.save()
elif max_quota:
quota = Quota.max_quota()
id_membership.quota = quota
id_membership.allocation = None
id_membership.save()
if account_admin:
admin = AccountProvider.objects.get_or_create(
provider=id_membership.identity.provider,
identity=id_membership.identity)[0]
#5. Save the user to activate profile on first-time use
user.save()
#Return the identity
return id_membership.identity
